https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122965#M4472 <P>Hi , same issue, in my organization , all in quarantine</P><P>thanks</P><P>Antonio Foggia</P> Mon, 05 Jul 2021 11:12:28 GMT afoggia 2021-07-05T11:12:28Z https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122953#M4469 <P>Our users are getting a notification that the Ant-Malware blade has blocked a Python script.&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="PythonScriptBlockNotification.jpg" style="width: 396px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12438i23E39AB2789A4994/image-size/medium?v=v2&amp;px=400" role="button" title="PythonScriptBlockNotification.jpg" alt="PythonScriptBlockNotification.jpg" /></span></P><P>&nbsp;</P><P>On investigation we found its actually Checkpoints own updater.</P><P>C:\ProgramData\CheckPoint\Endpoint Security\TPCommon\Updater\ATPS\Working\652743B2ED95EABB5DE5D88CDC51BF9E396216CD\cuckoo\protections\general\UID612340.pyc</P><P>Is there an actual issue with this script or should we add a manual exclusion for this ?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CardView.jpg" style="width: 953px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12440iD44EA01F46D9256D/image-size/large?v=v2&amp;px=999" role="button" title="CardView.jpg" alt="CardView.jpg" /></span></P><P>.</P> Mon, 05 Jul 2021 09:43:14 GMT https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122953#M4469 64Bit 2021-07-05T09:43:14Z https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122959#M4470 <P>Hi there 64Bit,</P><P>Our users also started getting this alert at just after 4pm today, Perth, Western Australia time. I have a case logged with CP support so I'd be happy to let you know the outcome of that if you like? We've never experienced this issue before so safe to say you shouldn't have to add an exclusion but will confirm.</P><P>I was glad to see your post because I wanted confirmation it wasn't just us.</P><P>Thanks</P> Mon, 05 Jul 2021 09:46:19 GMT https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122959#M4470 BrockCap 2021-07-05T09:46:19Z https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122960#M4471 <P>Please open a TAC case for this</P> Mon, 05 Jul 2021 09:48:06 GMT https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122960#M4471 _Val_ 2021-07-05T09:48:06Z https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122965#M4472 <P>Hi , same issue, in my organization , all in quarantine</P><P>thanks</P><P>Antonio Foggia</P> Mon, 05 Jul 2021 11:12:28 GMT https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122965#M4472 afoggia 2021-07-05T11:12:28Z https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122999#M4477 <P>Looks like a false positive in the Anti-Malware signatures.<BR />New signatures should be available in the next few hours that address this.</P> Mon, 05 Jul 2021 14:54:40 GMT https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122999#M4477 PhoneBoy 2021-07-05T14:54:40Z https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/123322#M4484 <P>Does anyone know if this file (UID612340.pyc) gets recreated or recompiled after the endpoint updates or if this file is even need for proper function of the endpoint?&nbsp; Since the file was deleted there is no way to restore it but if it is not needed do we even concern ourselves with it?</P> Thu, 08 Jul 2021 13:51:02 GMT https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/123322#M4484 Joe_Matthews 2021-07-08T13:51:02Z